Class SecureHeadersGatewayFilterFactory

All Implemented Interfaces:
org.springframework.beans.factory.Aware, GatewayFilterFactory<SecureHeadersGatewayFilterFactory.Config>, Configurable<SecureHeadersGatewayFilterFactory.Config>, ShortcutConfigurable, org.springframework.context.ApplicationEventPublisherAware

public class SecureHeadersGatewayFilterFactory extends AbstractGatewayFilterFactory<SecureHeadersGatewayFilterFactory.Config>
GatewayFilterFactory that provides a route filter which applies security headers to the HTTP response. External configuration (SecureHeadersProperties) supplies opinionated defaults that follow the recommendations made in Http-Security-Headers. Opt-out headers are applied with sensible defaults unless they are disabled or explicitly configured. Additionally, opt-in headers such as Permissions-Policy may be applied when configured.
Author:
Spencer Gibb, Thirunavukkarasu Ravichandran, Jörg Richter
  • Field Details

    • X_XSS_PROTECTION_HEADER

      public static final String X_XSS_PROTECTION_HEADER
      X-Xss-Protection header name.
    • STRICT_TRANSPORT_SECURITY_HEADER

      public static final String STRICT_TRANSPORT_SECURITY_HEADER
      Strict-Transport-Security header name.
    • X_FRAME_OPTIONS_HEADER

      public static final String X_FRAME_OPTIONS_HEADER
      X-Frame-Options header name.
    • X_CONTENT_TYPE_OPTIONS_HEADER

      public static final String X_CONTENT_TYPE_OPTIONS_HEADER
      X-Content-Type-Options header name.
    • REFERRER_POLICY_HEADER

      public static final String REFERRER_POLICY_HEADER
      Referrer-Policy header name.
    • CONTENT_SECURITY_POLICY_HEADER

      public static final String CONTENT_SECURITY_POLICY_HEADER
      Content-Security-Policy header name.
    • X_DOWNLOAD_OPTIONS_HEADER

      public static final String X_DOWNLOAD_OPTIONS_HEADER
      X-Download-Options header name.
    • X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER

      public static final String X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER
      X-Permitted-Cross-Domain-Policies header name.
  • Constructor Details

  • Method Details

    • apply

      Returns a GatewayFilter that applies security headers to the HTTP response.
      Parameters:
      originalConfig - the original security configuration
      Returns:
      a GatewayFilter instance that applies security headers to the HTTP response
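As an added configuration example (not part of this Javadoc or the project's own sources), the snippet below attaches the SecureHeaders filter to one route, disables one opt-out header, replaces two opinionated defaults with explicit values, and enables the opt-in Permissions-Policy header. The route id and upstream URI are constructed; the property keys are those of SecureHeadersProperties as bound under `spring.cloud.gateway.filter.secure-headers`, and the `permissions-policy` key is assumed to be available in the release in use.

```yaml
spring:
  cloud:
    gateway:
      routes:
        - id: api-route                        # constructed route id
          uri: http://backend.internal:8080    # constructed upstream address
          predicates:
            - Path=/api/**
          filters:
            # Registered by SecureHeadersGatewayFilterFactory; every response
            # on this route passes through it.
            - SecureHeaders
      filter:
        secure-headers:
          # Opt-out: header names listed here (lower-case) are not added.
          # X-Download-Options is dropped because this API serves no downloads;
          # all other opt-out headers keep their defaults.
          disable:
            - x-download-options
          # Explicit values replace the opinionated defaults for these headers.
          # A tighter CSP than the default: no remote script sources, no framing.
          content-security-policy: "default-src 'self'; object-src 'none'; frame-ancestors 'none'"
          # Two-year HSTS lifetime covering subdomains as well.
          strict-transport-security: "max-age=63072000; includeSubDomains"
          # Opt-in: absent from responses unless a value is configured here.
          permissions-policy: "geolocation=(), camera=(), microphone=()"
```

Headers listed under `disable` are compared by name only, so a header that is both disabled and given an explicit value is still omitted.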